Commit message (Collapse) | Author | Age | |
---|---|---|---|
* | fix(nix-sync): Add code-path to create a repo's path, if absent | Benedikt Peetz | 2024-06-05 |
| | |||
* | fix(nix-sync): Ensure that the service can write to all needed paths | Benedikt Peetz | 2024-06-01 |
| | | | | | | | Previously, the generated service _could_ write to the directory, but wanted to create the directory, if it was absent. Creating this directory, requires to be able to write in the parent directory. This is fixed, by ensuring that the parent directories are included. | ||
* | fix(nix-sync): Explicitly set the `network-online.target` dependency | Benedikt Peetz | 2024-06-01 |
| | |||
* | feat(etebase)!: disable etebase-server | Silas Schöffel | 2024-06-01 |
| | | | | | | Sadly, it's author didn't manage to update to a newer version of django before the used version (3.2) reached EOL and was affected by CVE-2024-27351. It's unreasonable to continue using it. | ||
* | fix(system/services/invidious): set db.user to invidious | Silas Schöffel | 2024-06-01 |
| | | | | | This also changes the dbname to "invidious" which isn't mentioned in the commit message as it's the default in nixpkgs. | ||
* | fix(treewide): use invidious-router module provided by nixpkgs | Silas Schöffel | 2024-06-01 |
| | |||
* | feat(system/services/nginx)!: Change meaning of `root` key | Benedikt Peetz | 2024-06-01 |
| | | | | | | | | | | | | The `root` key was rather useless (it was always just the `/etc/.../<domain>` path.). This change gives it a real meaning. See the 'BREAKING CHANGE' section for more information. BREAKING CHANGE: Previously the `root` key denoted the _absolute_ root of a repository. Now it just denotes the root relative (i.e. a path within the built repository) to the repos cloning position. You should just remove the absolute part of the path (that, which is not an output in your built repository) | ||
* | feat(system/services/nginx): add wkd for sils.li | Silas Schöffel | 2024-05-26 |
| | |||
* | feat(system/services/nginx): add wkd for s-schoeffel.de | Silas Schöffel | 2024-05-26 |
| | |||
* | fix(system/services/nginx/hosts): Update trinitrix source git path | Benedikt Peetz | 2024-05-26 |
| | |||
* | feat(system/services/nginx): Add the trinitrix website | Benedikt Peetz | 2024-05-25 |
| | |||
* | feat(system/services/nginx): Add the GPG WKD | Benedikt Peetz | 2024-05-25 |
| | |||
* | feat(system/servies): remove snapper | Silas Schöffel | 2024-04-26 |
| | | | | We handle backups with restic | ||
* | feat(system/services/fail2ban): add postfix jail | Silas Schöffel | 2024-04-25 |
| | | | | | This bans IP Addresses which fail to login into postfix at least 3 times in 600 seconds. | ||
* | style(system/services/mastodon): format with alejandra | Silas Schöffel | 2024-04-25 |
| | |||
* | fix(system/services/mastodon): change back to stable package | Silas Schöffel | 2024-04-25 |
| | |||
* | fix(treewide): move former git-crypted files to correct location | Silas Schöffel | 2024-04-24 |
| | | | | They were accidentally added at the wrong location in dd4b6bcfc16c7c795b697195eb6703966352d9f4 | ||
* | fix(system/services/taskserver): Add required kernel settings | Soispha | 2024-04-02 |
| | | | | | | These are the defaults, but I think it is better to explicitly state them to ensure that we don't suffer from a mistake, when we think about changing them in the future. | ||
* | chore(git-crypt): Remove `git-crypt` and associated encrypted files | Soispha | 2024-03-29 |
| | |||
* | refactor(system/services/taskserver): Move away from git-crypt | Soispha | 2024-03-29 |
| | |||
* | fix(system/services/libreddit): correct binary location in systemd service | Silas Schöffel | 2024-03-28 |
| | | | | | | This is a manual fix until we get this merged into nixpkgs Co-authored-by: Benedikt Peetz <benedikt.peetz@b-peetz.de> | ||
* | feat(system/servics/libreddit): Use the continued redlib package | Soispha | 2024-03-28 |
| | | | | Fixes: #87 | ||
* | fix(system/services/invidious-router): add new healthcheck config | sils | 2024-03-10 |
| | |||
* | fix(system/services/invidious-router): remove invidious.vhack.eu from ↵ | sils | 2024-02-25 |
| | | | | | | | instance list This is necessary because of a bug in our instance which causes search to fail under certain circumstances. | ||
* | style(system/services/invidious-router): one list entry per line | sils | 2024-02-21 |
| | |||
* | fix(system/services/invidious-router): change allowed_status_codes type to int | sils | 2024-02-21 |
| | |||
* | fix(system/services/invidious-router): bind to 127.0.0.1 | sils | 2024-02-21 |
| | |||
* | fix(system/services/invidious-router): correct typo | sils | 2024-02-21 |
| | |||
* | feat(system/services/invidious-router): add extraDomains | sils | 2024-02-19 |
| | |||
* | feat(system/services/invidious-router): add configuration | sils | 2024-02-19 |
| | |||
* | fix: update mastodon | sils | 2024-02-15 |
| | | | | | This uses the mastodon package from nixos-unstable-small because backporting of a security release failed and we can't afford to wait. | ||
* | feat: remove keycloak | sils | 2024-02-11 |
| | |||
* | fix(system/services/invidious-router): fix typo in domain | sils | 2024-02-10 |
| | |||
* | feat: add invidious-router | sils | 2024-02-10 |
| | |||
* | fix(system/services/restic): create /srv/snapshots if non-existent | sils | 2024-01-19 |
| | |||
* | fix(sys/services/restic): Set the system start time to 'daily' | Soispha | 2024-01-14 |
| | | | | | | Considering that the db dump takes longer than an hour, an hourly service start time could lead to multiple dumps happening concurrently. This should reduce this risk | ||
* | fix(sys/services/restic): Include a db dump of PostgreSQL | Soispha | 2024-01-14 |
| | | | | | | | | | | | | | | | Including this dump should remove the risk of a backup with a corrupt PostgreSQL database. Initial test showed that the backup takes around 32 GB and runs in under 3 hours. There is one big oversight not yet included in this commit: All services running a SQLite database are not included in this dump and thus can not be safely recovered. At present these are: - etebase-server (db.sqlite3) - murmur (murmur.sqlite) (This is list was generated with `sudo fd sqlite /srv/`) | ||
* | fix(system/services): import restic config | sils | 2024-01-07 |
| | |||
* | feat(system): add restic | sils | 2024-01-07 |
| | |||
* | feat(system/services/mastodon): define streamingProcesses | sils | 2024-01-06 |
| | |||
* | feat(system/services/fail2ban): define config in daemonSettings | sils | 2024-01-06 |
| | | | | This isn't strictly necessary as we define the default config | ||
* | feat(system/services/matrix): use mautrix-whatsapp module provided by | sils | 2024-01-06 |
| | | | | nixpkgs | ||
* | chore(merge): branch 'redirect' | sils | 2023-12-12 |
|\ | |||
| * | fix(system/services/nginx/redirects): Enable ssl for the domains | Soispha | 2023-11-03 |
| | | | | | | | | | | | | Although the page does not actually serve any content, many browsers will still refuse to access it at all, if they have the 'https-only' mode activated. | ||
* | | refactor(system/services/etebase): explain outcommented static files | sils | 2023-11-30 |
| | | |||
* | | fix(system/services/etebase): don't serve static files | sils | 2023-11-27 |
| | | | | | | | | This doesn't work as nginx doesn't have the right permissions. | ||
* | | fix(system/services/etebase): serve static_root | sils | 2023-11-27 |
| | | |||
* | | fix(system/services/etebase): micellanous changes to make it work | sils | 2023-11-27 |
| | | |||
* | | Merge branch 'main' into etebase_new | sils | 2023-11-27 |
|\ \ | |||
| * | | fix(system/services/nix): add nixremote to trusted-users | sils | 2023-11-20 |
| | | |